Wireless IPS must detect non-Wi-Fi wireless LAN security threats

Wireless IPS has traditionally policed Wi-Fi frequencies for wireless LAN security threats, such as rogue and misconfigured access points, but many enterprises need these products to look beyond Wi-Fi into interfering activity from cellular networks and other wireless technologies.

By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

In particular, the ubiquity of advanced cellular devices like smartphones, tablets and laptops with built-in 3G aircards is making cellular frequencies a growing threat vector for data leakage and targeted attacks in the enterprise, said John Pescatore, vice president and distinguished analyst with Gartner Inc.

"A lot of these companies have given employees cellular aircards for their laptops … [only to find] they would bring their laptops into a building, put them into a docking station and be back on the corporate network. Now that the employee was behind the corporate firewall, policy wouldn't let them go to porn sites or eBay or whatever, but they were using aircards to get around corporate security controls," said Pescatore.

Government agencies in the United States are also seeking wireless IPS products with non-Wi-Fi spectrum visibility. Prisons are dealing with inmates who use smuggled cell phones. Agencies like the National Security Agency (NSA) and the Department of Defense want to control the use of cellular devices on their campuses, too.

"People at the NSA and Department of Defense are running into the issue of letting a repair person into their buildings to fix a printer, and he has a cell phone with a direct data connection," Pescatore said.

Wireless IPS visibility into cellular networks is not trivial

Detection and visibility into cellular networks is extremely complex for vendors to pull off, and there will always be a limit to what this visibility can achieve, according to Andrew vonNagy, a blogger and lead network administrator with a Fortune 30 retailer.

"I'm not sure they could monitor today for GSM and CDMA bands, and I'm not sure what regulatory licenses they would need to have just to monitor those frequencies," he said. "Those frequencies are licensed to the Verizons and AT&Ts of the world, so you would have to own a license to operate there. It would be beneficial to be able to identify data traffic potentially leaving the network over those frequencies, but identifying if it belongs to you is going to be pretty limited because those networks deploy encryption of their own."

There are strict laws in place preventing the manufacture and sale of devices that can listen to cellular voice calls, Pescatore said. However, wireless IPS vendors can build approved products to detect the presence of cellular activity. Specifically, these products could use wireless IPS sensors to triangulate the position of a cellular signal in an environment where such devices are banned.

Even in a company where every employee has a smartphone, Wireless IPS products can enforce designation of certain areas of a building where cellular devices are forbidden. These products will also offer the ability to whitelist devices in a building and maintain an audit trail for any device that is not on that list. "If something does happen, they can look up the number of the device," said Pescatore.

And as machine-to-machine (M2M) technologies become more ubiquitous, cellular detection will only grow in importance.

"Little cellular radios are being put in all kinds of things to do reporting," Pescatore said. "Over time vendors might put them in printers and copy machines so that they can call out to say they need toner. These are things with M2M capabilities that you might not want to allow in your buildings."

Other wireless LAN security threats for wireless IPS vendors to watch for

Beyond cellular threats, there are plenty of other wireless LAN security threats that vonNagy thinks wireless IPS solutions should detect with better spectrum intelligence. For instance, legacy hardware built to the original 802.11 standard can use frequency-hopping Wi-Fi and infrared Wi-Fi. Wireless IPS products need to be tuned to detect rogue APs using these legacy technologies. Wireless IPS products should also be tuned to detect activity on Wi-Fi frequencies that are officially off limits to Wi-Fi equipment deployed within a particular country.

"You might want to be alerted to Wi-Fi operating on nonstandard frequencies like the 4r.9 GHz public safety band or wireless frequencies that are outside the regulatory domain that you're operating in. In the U.S., Wi-Fi uses channels one through 11 of the 2.4 GHz band. Japan uses channel 14, as well. So if someone bought a Japanese access point and set it up on channel 14, your sensors are kind of oblivious to it because they might not be scanning there," vonNagy said.

Cisco Systems recently introduced a software upgrade, Enhanced Local Mode (ELM), to all its wireless LAN access points (APs). ELM allows Cisco APs to serve wireless clients and act as sensors for Cisco Adaptive Wireless IPS simultaneously. Most wireless LAN solutions require an overlay network of sensor devices. Cisco positioned the ELM update as a way for enterprises to save on wireless LAN security capital expenses by using existing APs rather than standalone sensors.

Cisco's ELM upgrade has an added benefit for customers who have installed its Aironet 3500 APs, which have advanced spectrum analysis capabilities based on Cisco CleanAir technology. By integrating the ELM functionality with the spectrum intelligence of 3500 APs, enterprises can get alerts about non-Wi-Fi security threats, according to Chris Kozup, director of Cisco mobility solutions.

"Enterprises can now get broader visibility into things that occur on the Bluetooth side or into RF [radio-frequency] denial of service jamming attacks," he said. "All of these non-Wi-Fi activities that may constitute a security threat -- we can now uniquely in the industry detect and alert on as well."

Cisco's CleanAir APs can't detect cellular signals, but other wireless IPS vendors are starting to move in that direction, Pescatore said. AirPatrol Corp. has received government funding to build a wireless IPS product that can scan for both Wi-Fi and cellular activity, he said.

E-Zine

0 comments

E-Mail

Username / Password

Password

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy